Secure Access Service Edge (SASE) has become the new standard for securing connections to business-critical applications and other digital assets. An effective SASE implementation depends on performance, architecture, and support (among other factors) for hybrid and multi-cloud environments. In this post, IT Central Station members who use Cisco Umbrella and Cisco SD-WAN explain the importance of these factors – along with the functioning of core SASE elements like CASB – in using SASE for security and network management.
Architecture and Performance
SASE combines networking and security, so architecture is an important consideration for system owners. That’s the view of the head of IT operations at a small tech services company who uses Cisco SD-WAN. He said, “In a software-defined network architecture, it heals itself and the management of the solution is very easy.” In addition, a senior global product manager at a large comms service provider characterized Cisco SD-WAN as a global scale solution that provides an open architecture design with good technical support.
Eliot R., an executive vice president of operations and IT who uses Cisco SD-WAN at Sterling National Bank, cited cost savings of 80% and a performance boost of 400% as his reasons for providing such a positive review. A consultancy’s managing partner further noted that, “Cisco is absolutely cutting-edge in terms of robustness on the capability of the network to be very stable with very low delay. It is rock-solid and very stable with respect to delivering top-performance networking functions.”
CASB
A cloud access security broker (CASB) protects corporate data that sits in cloud-based applications. To work well in a SASE setting, a CASB needs good app discovery, visibility, and control capabilities. A system engineer at a small tech services company found this to be the case with the CASB features available in Cisco Umbrella. He explained, “The solution’s application control and application traffic steering tool are its most valuable aspects in terms of how we utilize the product. The solution allows organizations to have visibility into the application traffic.”
He added that, “after implementing the solution, we can see what types of traffic we have. We can see how users are using the internet and will be able to tell if anyone is downloading something that they shouldn’t be or if they are consuming a lot of data.” This latter comment reflects the need for CASB to help with data loss prevention strategies, which is part of the SASE reference architecture for Network-as-a-Service.
DNS Security
SASE incorporates domain name server (DNS) security to mitigate this risk of layer attacks. A security engineering senior manager at a large retailer talked about this issue, saying that Cisco Umbrella “has fixed the gap in our DNS protection.” They use the solution for DNS and IP reputation.
A network operations center (NOC) lead who uses Cisco Umbrella at a small tech services company similarly remarked, “The most valuable feature is the DNS security. It is used to watch all the traffic which we are routing through the endpoint and organization firewalls.” In this case, internet requests from all users and devices are routed through DNS security, which scans each and every request. It notifies the team if it is not safe and allows those that are. He added, “It is like an alarm center application near our firewall.”
Firewall-as-a-Service (FWaaS)
The FWaaS model offers a solution for the protection of traffic and digital assets located in many new places. For instance, a technical presales consultant at a computer software company explained, “A customer would create a tunnel between their on-prem firewall to the Cisco Umbrella cloud. This would make it so that all the traffic is filtered by the Umbrella Firewall-as-a-Service.”
Or, as Syed Ali W., a media company senior network and security consultant, put it, “If you have this solution you don’t need a big firewall. Because it’s a cloud-based solution, you can access this over the cloud anywhere in the world. You don’t need to build a big infrastructure. It will give you more return on investment.”
SD-WAN
SD-WAN allows organizations to provision secure, flexible networking to people and devices that are spread out geographically. Shah J., a network security associate who uses Cisco SD-WAN at a small software company, deals with this reality frequently. He shared that he recommends Cisco SD-WAN for clients who have multiple locations and want to have a centralized management view of all activity. He observed that, “every architecture is moving toward the cloud. Centralized management makes accessibility easier for one person.”
Eliot R. described Cisco SD-WAN as a solution for integrating services to enhance up-time and performance and lower costs, while the consultancy’s managing partner added that, with the Cisco SD-WAN, “There is very minimal delay in the network. In terms of performance, it’s absolutely best of breed, and world-class. There is no discussion about that.”
Want to Learn More About the Real-World Value Cisco Umbrella Offers?
IT Central Station collects thousands of reviews from professionals across the technology industry. These reviews offer honest evaluations of today’s most popular IT solutions, including Cisco Umbrella and Cisco SD-WAN.
What’s more, the IT Central Station team aggregated these reviews into the Peer Paper “SASE With Savvy: The Keys to an Effective Secure Access Service Edge Solution.” This paper offers more valuable insights on what IT professionals look for in a SASE solution, and how Cisco Umbrella or Cisco SD-WAN meets those needs. Download the Peer Paper to start your journey towards SASE today!